Brad here again, and I hope you’ve been able to get your XAMPP download and installed the package.
Lesson 4 is all about securing your new XAMPP installation.
You really need to change the password for the user “root” because once you open up your website to the outside world, anyone will be able to change, delete and otherwise muck around with your XAMPP installation. You don’t want that.
Browse to:
http://localhost/security/xamppsecurity.php
You should see a page entitled:
“Security console MySQL & XAMPP directory protection”
Update: Leon kindly posted a comment about not being able to login using phpmyadmin afterwards, so I decided to check out my localhost installation of XAMPP (using the above URL). Here’s the page I get:
Its written in German, so…. the best way to see it in your own language is to go to:
http://localhost/security/index.php
and click on your preferred language.
If you browse to the above page, you’ll see a report that outlines everything you need to secure.
Click the link at the bottom of the page – that’s
http://localhost/security/xamppsecurity.php
Enter a new password into the two text boxes. You’ll need this later on, so don’t forget it, and do make it something hard to guess. (I’m sure you know what to do with passwords – I don’t need to tell you how important they are.)
Next, tick the radio button marked “http” on the PHPMyAdmin authentification (!) option.
Next, ensure the Safe plain password in text file? checkbox is turned off.
Click the “Password changing” button.
You should now get a message to say that the root password was successfully changed, and a reminder to restart the mySQL service.
To do that, click Start, click Programs, click Apache Friends, click XAMPP, click XAMPP Control Panel if it isn’t already running.
Click the button marked “Stop” to the right of the mySQL service entry. Wait until it says “Start”, then click it again. You’ve now restarted the mySQL database with a new password. Whenever you need to do any database administration in the future, remember to use the new password you entered above.
In the second section, entitled:
XAMPP DIRECTORY PROTECTION (.htaccess)
enter a usename and password to protect the main XAMPP folder.
Ensure the “Safe plain password in text file?” option is turned off.
Click the “Make safe the XAMPP directory” button.
All done! If it was all successful, you should see a page like this:
Administration of your XAMPP installation from now on:
Accessing the mySQL server database (lots of open source software, which we’ll be running under XAMPP, uses mySQL as their database) is as simple as appending “phpmyadmin” after your domain name (or localhost if running locally, which you would be at the moment unless you’ve gone a few steps ahead of the rest of us!)
The URL to get to your phpMyAdmin interface will be:
http://localhost/phpmyadmin
A standard Windows dialog box will appear – enter the username and password you entered in the steps above. You should now see your phpMyAdmin web interface. Don’t worry so much about it at the moment, but that’s how you need to access it later on.
Remember to restart the mySQL server before trying to log back in.
That’s about it for this lesson.
Please give me some feedback – too slow, too fast, unsure of what’s going on?
I’m here to hep you – please don’t hesitate to ask for assistance.
Lesson 5 – Create a domain name is going to be a beauty!
Update Jan 2012.
(Yes, I know – a long time between drinks! 
)
A few people have contacted me wanting to know more about securing XAMPP, so here are a few more resources you might want to have a look at:
Make XAMPP Secure – Robs Notebook
Secure XAMPP – Apache Friends
How-To Secure XAMPP from localhost – DevShed
The Basics of XAMPP security – the Excruciatingly Correct Guide
Securing Your XAMPP – The Truth of the Matter
Are there any other resources that you’ve found? Please share them!
Have got as far as Lesson 4 and when I put in the username and password to get in to http://localhost/phpmyadmin the username and password are not accepted even though I have changed them twice. It says access denied. even though I have made the Xammp directory safe.
Maybe I should close everything and reopen?
Thanks for the great tutorial I am enjoying it I hope.
Hi Leon!
Thanks for visiting and leaving a comment! (There actually *is* someone out there!)
Let me review this and I’ll get back to you soon.
Cheers
Brad
Hey Leon
I think the problem is that you didn’t restart the mySQL server to pick up the new password?
Give that a go and let me know. I’m glad you’re enjoying the tutorials. Is there anything else you’d like to see?
BTW – how did you find the website? Google? Somewhere else?
Cheers
Brad
I tried again.same happened
I am using Vista and downloaded Xampp win32-1.7.2
I just noticed on the top of the security page after I clicked on make Xampp directory safe button the following appeared
Warning: chdir() [function.chdir]: No error (errno 0) in C:xamppsecurityhtdocssecurefunctions.php on line 205
Thanks for being there
Hi Leon
Hmmm – Vista.
Yes I’m running on Vista too, but I have UAC turned off. Maybe that’s the problem?
I wouldn’t think so, but….
But it actually says “No error (errno 0)” in the message?
Try restarting everything using the XAMPP Control Panel.
Cheers
Brad
Good morning
I loose control!
HI
It is really easy so far and is working really well.
I also got stuck just at the log-in at the end of this lesson. I was trying to use the xammp directory protection username and p/w – what is required to see the localhost screen is the username ‘root’ and the assocaited root password.
Enough computing for today – dinner time L:-)
Thanks for your work on this – I’m hoping to use the platform to teach myself php programming and website building.
Ian
Hi Ian
Sorry to have been so long in replying…
There seems to be a lot of confusion about this.
Please let me review this in a sober moment, and I’ll see what I can provide in the way of instructions!
Cheers
Brad
Well I am here agan with step 4 dcompleted with success. Woot
Hi
No go on logging in to PHPMyAdmin
I keep getting the username and password box come up
If I cancel the box it says wrong username/password
I have restarted Apache and sql and still no go
Any ideas ?
Mike
Hi Mike
Let me review this again – its been a long time since I wrote this stuff – have moved house, had to re-install everything etc etc, so need to recheck what’s going on.
Please bear with me – I want to help you get online.
Cheers
Brad
Hi folks
I’ll need to get a video up and posted to show you what you need to do to move forward.
Thanks for your comments – I really appreciate them!
Cheers
Brad
Just thought i would comment and say neat design, did you code it yourself? Looks great.
Hi just thought i would tell you something.. This is twice now i’ve landed on your blog in the last 2 days looking for completely unrelated things. Spooky or what?
Your WordPress blog keeps getting better and better!
I’ve been following your posts for a couple of weeks now and I have to say that your older posts don’t offer as much insight as the newer ones. You have a lot more creativity and originality now, your writing is constantly improving.
Keep it up! By the way, if you’re looking into placing some advertisements on your blog – you should really do it. Don’t go for all that 3rd party crap – Use a nice WordPress monetization tool coded by a buddy of mine which by far the best, it’s a must have plugin for any serious blogger. You can find it at www.goo.gl/dLl6 (new google service, highly recommended) and give it a free test-run.
Oh, and there is a nice discount coupon in the sidebar of the mainpage today!
Thanks for the interesting post! May I ask where you get your sources from?
Thanks for sharing the info. I found the details really helpful.
Thanks for the information. You have done a great job communicating your message. Keep up the good work.
赞一个 文章写的挺好 支持一下
radical post, great blog, keep up the posts!
Pingback: Watch Supernatural Online
It does appear that anybody is into this specific stuff of late. Don’t in fact understand it nonetheless, however , thank you looking to describe it.
You have got your position through a lot better than I ever might, many thanks!
I’m sure everyone has their favorites, but what I would like to know is the best web host control panel and the number one reason why it beats the competition.
I am watching your web log for a month or so and also have found a pile of powerful data. I’m undertaking to own my own, personal blog nevertheless I do believe its too typical and I would like to concentrate more on smaller subjects.
What hosting company are you using for your blog?
Hi Harry
I’m hosting this site at home.
That’s the whole idea!
Cheers
Brad
Being a new blogger, I would like to tell you that you have given me much knowledge about it. Thanks for everything.
Mr.parts tools
Very informative article sir, i have learned a lot from your blog
What youre saying is completely true. I know that everybody must say the same thihttp://www.adsense-id.com/forums/images/vtc/36_002.gifng, but I just think that you put it in a way that everyone can understand. I also love the images you put in here. They fit so well with what youre trying to say. Im sure youll reach so many people with what youve got to say.
Hai friend , This is amazing posting for my homework from university Do u have twitter account ?? i want to follow your twitt . bye
Hi home and family
Follow @diywebserver on Twitter.
Cheers
Brad
This is the type of information that should be shared around the web. Shame on the search engines for not positioning this post higher!
I’m not sure that I agree 100% with your post, but I did find it interesting.
Interesting post. I’ve saved this page to check back later.
Wonderful! Your post was very effective for me. I have used a long time to looking for the best autoresponder software to earn money online easier and now I think I have got something here .BTW, there is another article out there which is also help me much more :http://autoresponder-software-review.learnmoreskills.com. Hopes you will benefit from it too .
Good to see you back. And again by having an interesting post.
Keep at it, this is great.
Hi, Thanks for the fine blog. I think it is really a great topic to write about on my Blog. Also here is some awesome information: Web Hosting
Cheers for this post. Web Hosting can be quite difficult to choose if you’re trying to find a new web host. It could also be difficult even when you do have a hosting company as problems can still occur in the long term, such as with your sites going offline or customer service problems. That is why choosing the right web host is important, so you don’t face problems in the long term.
Any host will have problems from time to time. That’s precisely why they don’t guarantee 100% uptime.
As for hosting at home, I reckon its a good way to get started without needing to spend any more money every month other than what you normally pay for your current Internet connection – even if it is only a few dollars each month.
If your self-hosted website does start getting a lot of traffic, then you can start looking into moving your site onto a “proper” web hosting company.
Thanks for this blog post. I’m currently using HostGator as a host and so far, they seem to be pretty good. I’m not sure, though, what other people’s opinions are about the specifications of the hosting plan they offer, as with some hosts, such as with HostMonster, you may get more.
Cheers for this article. I’m currently being hosted by HostGator and so far, they seem to be good. I’m not sure, though, what other people’s opinions are about the specs of the hosting plan they provide, as with some hosts, such as with HostMonster, you may get more.
One thing to think about is that not everybody is going to like or accept us in existence even if we like them. The comment which has upset you sounds like she doesn’t like you and is just trying to upset you – I wouldn’t believe about it as criticism but just an insult. The other thing that comes to mind is that people say nasty points for all types of reasons and issues – maybe she is jealous of you, or doesn’t like herself, or sees you as a threat, or wants to be top dog – all kinds of motives and really it just doesn’t issue because who and what you are is your company and it’s essential that you simply like you.
Great post, I bet a lot of work and research went into this article.
This is a great blog post.
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
Sure!
The most to the point as well as informed info I discovered on this subject. Indeed glad that I saw that web page by chance. I’ll probably be subscribing for the feed so as I’m able to obtain the latest updates. Like all the details here.
Download the iso file burn it to a CD then put it in the drive and reboot. You can dual boot if you want. You can wipe Vista and just have the linux OS.
If I accidentally selected it to save it to a text file, if I delete the text file is that enough to reverse the mistake?
lockup or erase your /webdav dir.. its open …….
this is very helpful, thanks!
Wonderful goods from you, man. Lesson 4 – Securing XAMPP | Do It Yourself Web Server / Hosting I have understand your stuff previous to and you’re just extremely excellent. I really like what you’ve acquired here, really like what you are saying and the way in which you say it. You make it entertaining and you still take care of to keep it sensible. I can’t wait to read far more from you. This is actually a great Lesson 4 – Securing XAMPP | Do It Yourself Web Server / Hosting informations.
Good information once again! Thumbs up;)
Lesson 4 – Securing XAMPP | Do It Yourself Web Server / Hosting I was recommended this blog by my cousin. I’m not sure whether this post is written by him as nobody else know such detailed about my problem. You’re incredible! Thanks! your article about Lesson 4 – Securing XAMPP | Do It Yourself Web Server / Hosting Best Regards Craig Andy
IF you’re still on the fence for more posts, sign me up!
28bM9r It’s straight to the point! You could not tell in other words!
D
This is the proper Lesson 4 – Securing XAMPP | Do It Yourself Web Server / Hosting diary for anyone who wants to move out out almost this issue. You respond so often its virtually debilitating to contend with you (not that I truly would want…HaHa). You definitely put a new rotation on a topic thats been scrivened some for age. Prissy shove, only eager!
Prissy shove, only eager!
Yes, perhaps, but then again, perhaps not.
Just go and secure XAMPP as shown, and I’m sure you’ll be ok.
And no need for prissy shoves!
Whatever the hell they are!:)
Greetings, do you have a Twitter page that I may follow? Thanks
Hey!
Absolutely!
http://www.twitter.com/bradzo
Thank you an incredible put up, can read one’s others posts. thank you your notions with this, I soon became a lttle bit thump by this post. Many thanks again! You make a great moment. Portrays natures best by the excellent report here. I think if more people consideration for it like this, they’d have got a better moment in time receive the hold ofing the difficulty.
Yes – I’ve always had a problem with receiving the “hold ofing the difficulty.”
I can understand that you might have had trouble understanding how to secure xampp, but really, its not that difficult.
Keep up the amazing work!! I love how you wrote this and I also like the colors here on this site. Very good opinions expressed here
Thanks!
An easier and direct tutorial for ubuntu 11.10 can be found here at
http://menatronics.blogspot.com/2012/01/lampp-installation-to-securing-your.html
this tutorial will be fine for ubuntu 10.04 and above and even for debian installations
Lesson 4 – Securing XAMPP | | Do It Yourself Web Server / HostingDo It Yourself Web Server / Hosting I was recommended this website by my cousin. I’m not sure whether this post is written by him as no one else know such detailed about my difficulty. You are amazing! Thanks! your article about Lesson 4 – Securing XAMPP | | Do It Yourself Web Server / HostingDo It Yourself Web Server / Hosting Best Regards Lisa Shane
What a terrific online site. I am happy I found it.It is wonderful to look at one thing appealing I can not find subscription list
Thank you! We spent an entire day trying to figure out how to get this done, and this instruction took us five minutes!
Hey Kevin
Glad it helped.
Hows business?
Your website doesn’t go anywhere…
Webmaster, I am the admin at SEOPlugins.org. We profile SEO Plugins for WordPress blogs for on-site and off-site SEO. I’d like to invite you to check out our recent profile for a pretty amazing plugin which can double or triple traffic for a Worpdress blog and we just posted a video showing the plugin in action. You can delete this comment, I didn’t want to comment on your blog, just wanted to drop you a personal message. Thanks, Rich
Thx Rich.
I’m sure you’ve visited before.
I’ll check it out.
I hope you would not mind if I posted a part of this site on my univeristy blog?
Go right ahead!
Genuinely motivating
Hey There. I found youг blοg the uѕe of msn.
This іs a гeаlly neatlу wrіtten аrticle.
I ωill be ѕure to bοokmaгk it and rеtuгn to leaгn extrа of уour uѕeful informаtion.
Thanks foг the post. Ӏ will ceгtainlу comebаck.
Ιt’s in reality a great and useful piece of information. I am happy that you shared this helpful info with us. Please keep us informed like this. Thank you for sharing.